Lucene search

K
kasperskyKaspersky LabKLA61753
HistoryJan 18, 2023 - 12:00 a.m.

KLA61753 Multiple vulnerabilities in Wireshark

2023-01-1800:00:00
Kaspersky Lab
threats.kaspersky.com
10
wireshark
vulnerabilities
denial of service
sensitive information
eap dissector
bpv6
ncp
rtps
gnw dissector
tipc dissector
iscsi dissector
nfs dissector

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

44.6%

Multiple vulnerabilities were found in Wireshark. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service.

Below is a complete list of vulnerabilities:

  1. Denial of service vulnerability in EAP dissector can be exploited to cause denial of service.
  2. Denial of service vulnerability in BPv6, NCP, and RTPS dissectors can be exploited to cause denial of service.
  3. Denial of service vulnerability in GNW dissector can be exploited to cause denial of service.
  4. Denial of service vulnerability in TIPC dissector can be exploited to cause denial of service.
  5. Information disclosure vulnerability in NFS dissector can be exploited to obtain sensitive information.
  6. Denial of service vulnerability in iSCSI dissector can be exploited to cause denial of service.
  7. Denial of service vulnerability in Some dissectors can be exploited to cause denial of service.

Original advisories

Wireshark • wnpa-sec-2023-03 Dissection engine crash

Wireshark • wnpa-sec-2023-04 GNW dissector crash

Wireshark • wnpa-sec-2023-01 EAP dissector crash

Wireshark • wnpa-sec-2023-06 Multiple dissector excessive loops

Wireshark • wnpa-sec-2023-05 iSCSI dissector crash

Wireshark • wnpa-sec-2023-02 NFS dissector memory leak

Wireshark • wnpa-sec-2023-07 TIPC dissector crash

Related products

Wireshark

CVE list

CVE-2023-0411 high

CVE-2023-0412 high

CVE-2023-0413 high

CVE-2023-0414 high

CVE-2023-0415 high

CVE-2023-0416 high

CVE-2023-0417 high

Solution

Update to the latest version

Download Wireshark

Impacts

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

  • Wireshark 3.6.x earlier than 3.6.11Wireshark 4.0.x earlier than 4.0.3

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

44.6%